fix: tests failing

Daniel Hougaard
2025-07-08 12:09:56 +04:00
parent 6bfcc59486
commit 6dfe5854ea
6 changed files with 29 additions and 14 deletions


@@ -1,6 +1,9 @@
import { SecretType, TSecrets } from "@app/db/schemas";
import { decryptSecret, encryptSecret, getUserPrivateKey, seedData1 } from "@app/db/seed-data";
import { initEnvConfig } from "@app/lib/config/env";
import { SymmetricKeySize } from "@app/lib/crypto";
import { crypto } from "@app/lib/crypto/cryptography";
import { initLogger, logger } from "@app/lib/logger";
const createServiceToken = async (
scopes: { environment: string; secretPath: string }[],
@@ -24,16 +27,17 @@ const createServiceToken = async (
});
const { user: userInfo } = JSON.parse(userInfoRes.payload);
const privateKey = await getUserPrivateKey(seedData1.password, userInfo);
const projectKey = testCryptoProvider.encryption().asymmetric().decrypt({
const projectKey = crypto.encryption().asymmetric().decrypt({
ciphertext: projectKeyEnc.encryptedKey,
nonce: projectKeyEnc.nonce,
publicKey: projectKeyEnc.sender.publicKey,
privateKey
});
const randomBytes = testCryptoProvider.randomBytes(16).toString("hex");
const randomBytes = crypto.randomBytes(16).toString("hex");
const { ciphertext, iv, tag } = testCryptoProvider.encryption().encryptSymmetric({
const { ciphertext, iv, tag } = crypto.encryption().encryptSymmetric({
plaintext: projectKey,
key: randomBytes,
keySize: SymmetricKeySize.Bits128
@@ -141,6 +145,9 @@ describe("Service token secret ops", async () => {
let projectKey = "";
let folderId = "";
beforeAll(async () => {
initLogger();
await initEnvConfig(testSuperAdminDAL, logger);
serviceToken = await createServiceToken(
[{ secretPath: "/**", environment: seedData1.environment.slug }],
["read", "write"]
@@ -158,7 +165,7 @@ describe("Service token secret ops", async () => {
const serviceTokenInfo = serviceTokenInfoRes.json();
const serviceTokenParts = serviceToken.split(".");
projectKey = testCryptoProvider.encryption().decryptSymmetric({
projectKey = crypto.encryption().decryptSymmetric({
key: serviceTokenParts[3],
tag: serviceTokenInfo.tag,
ciphertext: serviceTokenInfo.encryptedKey,
@@ -557,7 +564,7 @@ describe("Service token fail cases", async () => {
type: SecretType.Shared,
secretPath: "/",
// doesn't matter project key because this will fail before that due to read only access
...encryptSecret(testCryptoProvider.randomBytes(16).toString("hex"), "NEW", "value", "")
...encryptSecret(crypto.randomBytes(16).toString("hex"), "NEW", "value", "")
},
headers: {
authorization: `Bearer ${serviceToken}`
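Review bot: The `initLogger()` / `initEnvConfig(testSuperAdminDAL, logger)` calls are added only to the `beforeAll` of the "Service token secret ops" block, yet the "Service token fail cases" block further down also uses the imported `crypto` singleton (`crypto.randomBytes(16)` inside `encryptSecret(...)`). If the provider must be initialised before use (the `$isInitialized` flag in `cryptographyFactory` suggests it may), the second block only works because the first one ran earlier in the same worker, so a filtered or reordered run could fail or use an uninitialised provider. Consider one file-level hook above both blocks, `beforeAll(async () => { initLogger(); await initEnvConfig(testSuperAdminDAL, logger); });`, or a shared setup file; the secrets router test file has the same shape with its `describe.each` block. Both `describe` bodies extend beyond the visible hunks, so an existing hook there would settle this.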


@@ -1,5 +1,8 @@
import { SecretType, TSecrets } from "@app/db/schemas";
import { decryptSecret, encryptSecret, getUserPrivateKey, seedData1 } from "@app/db/seed-data";
import { initEnvConfig } from "@app/lib/config/env";
import { crypto } from "@app/lib/crypto/cryptography";
import { initLogger, logger } from "@app/lib/logger";
import { AuthMode } from "@app/services/auth/auth-type";
const createSecret = async (dto: {
@@ -154,6 +157,9 @@ describe("Secret V3 Router", async () => {
let projectKey = "";
let folderId = "";
beforeAll(async () => {
initLogger();
await initEnvConfig(testSuperAdminDAL, logger);
const projectKeyRes = await testServer.inject({
method: "GET",
url: `/api/v2/workspace/${seedData1.project.id}/encrypted-key`,
@@ -172,7 +178,7 @@ describe("Secret V3 Router", async () => {
});
const { user: userInfo } = JSON.parse(userInfoRes.payload);
const privateKey = await getUserPrivateKey(seedData1.password, userInfo);
projectKey = testCryptoProvider.encryption().asymmetric().decrypt({
projectKey = crypto.encryption().asymmetric().decrypt({
ciphertext: projectKeyEncryptionDetails.encryptedKey,
nonce: projectKeyEncryptionDetails.nonce,
publicKey: projectKeyEncryptionDetails.sender.publicKey,
@@ -668,7 +674,7 @@ describe.each([{ auth: AuthMode.JWT }, { auth: AuthMode.IDENTITY_ACCESS_TOKEN }]
const { user: userInfo } = JSON.parse(userInfoRes.payload);
const privateKey = await getUserPrivateKey(seedData1.password, userInfo);
const projectKey = testCryptoProvider.encryption().asymmetric().decrypt({
const projectKey = crypto.encryption().asymmetric().decrypt({
ciphertext: projectKeyEnc.encryptedKey,
nonce: projectKeyEnc.nonce,
publicKey: projectKeyEnc.sender.publicKey,
@@ -684,7 +690,7 @@ describe.each([{ auth: AuthMode.JWT }, { auth: AuthMode.IDENTITY_ACCESS_TOKEN }]
});
expect(projectBotRes.statusCode).toEqual(200);
const projectBot = JSON.parse(projectBotRes.payload).bot;
const botKey = testCryptoProvider.encryption().asymmetric().encrypt(projectKey, projectBot.publicKey, privateKey);
const botKey = crypto.encryption().asymmetric().encrypt(projectKey, projectBot.publicKey, privateKey);
// set bot as active
const setBotActive = await testServer.inject({
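Review bot: The new import binds the application's provider to the name `crypto`, which shadows the global `crypto` object in recent Node versions and reads like `node:crypto` at call sites such as `crypto.encryption().asymmetric().decrypt(...)`. In test code that handles key material, a reader should be able to tell at a glance which implementation is in use; an alias such as `import { crypto as appCrypto } from "@app/lib/crypto/cryptography";` makes that explicit. The same import is added in the service token test file.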


@@ -18,7 +18,6 @@ import { keyStoreFactory } from "@app/keystore/keystore";
import { initializeHsmModule } from "@app/ee/services/hsm/hsm-fns";
import { buildRedisFromConfig } from "@app/lib/config/redis";
import { superAdminDALFactory } from "@app/services/super-admin/super-admin-dal";
import { crypto } from "@app/lib/crypto/cryptography";
dotenv.config({ path: path.join(__dirname, "../../.env.test"), debug: true });
export default {
@@ -82,7 +81,7 @@ export default {
// @ts-expect-error type
globalThis.testServer = server;
// @ts-expect-error type
globalThis.testCryptoProvider = crypto;
globalThis.testSuperAdminDAL = superAdminDAL;
// @ts-expect-error type
globalThis.jwtAuthToken = jwt.sign(
{
@@ -111,6 +110,8 @@ export default {
// @ts-expect-error type
delete globalThis.testServer;
// @ts-expect-error type
delete globalThis.testSuperAdminDAL;
// @ts-expect-error type
delete globalThis.jwtToken;
// called after all tests with this env have been run
await db.migrate.rollback(
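Review bot: Teardown deletes `globalThis.jwtToken`, but setup assigns `globalThis.jwtAuthToken`, so the signed test JWT is never removed from the global object. The cleanup added here for `testSuperAdminDAL` sits right next to that line and is a natural place to correct it to `delete globalThis.jwtAuthToken;`. The mismatch appears in unchanged context lines, so it predates this commit, and the setup and teardown functions extend beyond the visible hunks.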


@@ -1,8 +1,8 @@
import { FastifyInstance, RawReplyDefaultExpression, RawRequestDefaultExpression, RawServerDefault } from "fastify";
import { TCryptographyFactory } from "@app/lib/crypto/cryptography";
import { CustomLogger } from "@app/lib/logger/logger";
import { ZodTypeProvider } from "@app/server/plugins/fastify-zod";
import { TSuperAdminDALFactory } from "@app/services/super-admin/super-admin-dal";
declare global {
type FastifyZodProvider = FastifyInstance<
@@ -15,6 +15,6 @@ declare global {
// used only for testing
const testServer: FastifyZodProvider;
const testCryptoProvider: TCryptographyFactory;
const testSuperAdminDAL: TSuperAdminDALFactory;
const jwtAuthToken: string;
}


@@ -3,11 +3,12 @@ import { Knex } from "knex";
import { chunkArray } from "@app/lib/fn";
import { selectAllTableCols } from "@app/lib/knex";
import { logger } from "@app/lib/logger";
import { initLogger, logger } from "@app/lib/logger";
import { SecretType, TableName } from "../schemas";
export async function up(knex: Knex): Promise<void> {
initLogger();
logger.info("Starting secret version fix migration");
// Get all shared secret IDs first to optimize versions query
@@ -133,6 +134,7 @@ export async function up(knex: Knex): Promise<void> {
}
export async function down(): Promise<void> {
initLogger();
logger.info("Rollback not implemented for secret version fix migration");
// Note: Rolling back this migration would be complex and potentially destructive
// as it would require tracking which version entries were added
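Review bot: `initLogger()` is now called unconditionally at the top of both `up()` and `down()`, which makes a database migration responsible for global logging state. Whether `initLogger()` is idempotent is not visible here; if it is not, running this migration in a process that has already configured the logger would replace that configuration. Initialising the logger once in whatever runs the migrations (presumably the test environment setup) keeps the migration free of that side effect. If the call stays, a comment such as `// logger is not initialised when migrations run outside the server, e.g. in tests` would explain it. The body of `up()` continues outside the hunk.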


@@ -348,7 +348,6 @@ export const computeMd5 = (message: string, digest: DigestType = DigestType.Hex)
};
const cryptographyFactory = () => {
// placeholder for now
let $fipsEnabled = false;
let $isInitialized = false;